I did a nessus scan on some of my servers today, and I got back this.
The remote host is using a version of OpenSSL which is
older than 0.9.6m or 0.9.7d
There are several bug in this version of OpenSSL which may allow
an attacker to cause a denial of service against the remote host.
*** Nessus solely relied on the banner of the remote host
*** to issue this warning
Solution : Upgrade to version 0.9.6m (0.9.7d) or newer
Risk factor : High
CVE : CVE-2004-0079, CVE-2004-0081, CVE-2004-0112
BID : 9899
Other references : IAVA:2004-B-0006
I went and did a upgrade to versioin 0.9.8. Now when I run "openssl version", I get this:
OpenSSL 0.9.8e 23 Feb 2007
So after upgrading, I re-ran the nessus scan. And I got back the same result. I imagine this is an apache config problem?
I'm running apache 2.2.4 w/ php5.2.1. openssl is version 0.9.8.
Can anyone give me some direction?